
Server2000, IAS PEAP cannot find certificate

Anonymous
July 15, 2005 10:26:08 AM

Archived from groups: microsoft.public.windows.networking.wireless

Hi,

I'm having problems configuring a Windows 2000 Server IAS for PEAP.

Whenever I click the "Configuration" button to configure PEAP when
configuring the remote access policy, I get the error "A certificate
could not be found that can be used with the Extensible Authentication
Protocol".

Now I have tried installing a number of certificates into the machine
local store (with the corresponding CA certificate in the Trusted Root
CAs store) to no avail.

I have tried certificates with CN=hostname and CN=<FQDN> in the Subject
of the certificate. All certificates have the correct Server Auth OID
in the EKU. The certificates have been imported with make private keys
exportable checked.

I have tried this with a test Server 2003 box and this works fine
(which incidentally does not seem to check the content of the CN
field). And I have exported good certificates with their private keys
from this box to the 2000 box and these don't work either.

I have also tried the process detailed in the MS Knowledge Base article
295663 (How to import third-party certification authority (CA)
certificates into the Enterprise NTAuth store) and this doesn't help
either.

How can I find out what IAS does not like about my certificates?

thanks,
Andy
Anonymous
July 15, 2005 5:15:41 PM


Try looking here
http://www.microsoft.com/technet/prodtechnol/windowsser...

You've covered the server OID in the EKU. Check the section on server
requirements. Verify the CSP and SAN. Those are often overlooked.

What certificate template are you using? Does the CRL chain correctly?

Hopefully that helps.

--
Mark Gamache
Certified Security Solutions
http://www.css-security.com



<andrew.juniper@red-m.com> wrote in message
news:1121433968.273422.273540@g44g2000cwa.googlegroups.com...
> Hi,
>
> I'm having problems configuring a Windows 2000 Server IAS for PEAP.
>
> Whenever I click the "Configuration" button to configure PEAP when
> configuring the remote access policy, I get the error "A certificate
> could not be found that can be used with the Extensible Authentication
> Protocol".
>
> Now I have tried installing a number of certificates into the machine
> local store (with the corresponding CA certificate in the Trusted Root
> CAs store) to no avail.
>
> I have tried certificates with CN=hostname and CN=<FQDN> in the Subject
> of the certificate. All certificates have the correct Server Auth OID
> in the EKU. The certificates have been imported with make private keys
> exportable checked.
>
> I have tried this with a test Server 2003 box and this works fine
> (which incidentally does not seem to check the content of the CN
> field). And I have exported good certificates with their private keys
> from this box to the 2000 box and these don't work either.
>
> I have also tried the process detailed in the MS Knowledge Base article
> 295663 (How to import third-party certification authority (CA)
> certificates into the Enterprise NTAuth store) and this doesn't help
> either.
>
> How can I find out what IAS does not like about my certificates?
>
> thanks,
> Andy
>
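
The checks named in the reply above (Server Auth EKU, CSP, SAN, chain and CRL), as an added read-only PowerShell example that is not part of the original thread. It assumes a host with Windows PowerShell 3.0 or later (not available on Windows 2000, so run it where the same certificate or PFX is installed), and the expected CSP name is an assumption taken from Microsoft's published PEAP server certificate requirements, not from this thread.

```powershell
# Added example: audits Local Computer\Personal certificates against the
# properties named in the reply (EKU, CSP, SAN, chain/CRL). Read-only.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$ekuExtOid     = '2.5.29.37'           # Enhanced Key Usage extension
$sanExtOid     = '2.5.29.17'           # Subject Alternative Name extension
# Assumption: provider name from Microsoft's published PEAP server
# certificate requirements, not from this thread.
$expectedCsp   = 'Microsoft RSA SChannel Cryptographic Provider'

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Server Authentication must be listed in the EKU extension.
    $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq $ekuExtOid }
    $hasServerAuth = $false
    if ($eku) {
        $hasServerAuth = @($eku.EnhancedKeyUsages |
            Where-Object { $_.Value -eq $serverAuthOid }).Count -gt 0
    }

    # Decode the SAN extension to text so the DNS names can be read.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanExtOid }
    $sanText = if ($san) { $san.Format($false) } else { '(none)' }

    # CspKeyContainerInfo exists only for CAPI (legacy CSP) keys.
    $csp = '(no private key)'
    if ($cert.HasPrivateKey) {
        try   { $csp = $cert.PrivateKey.CspKeyContainerInfo.ProviderName }
        catch { $csp = $null }
        if (-not $csp) { $csp = '(unreadable or not a CAPI key)' }
    }

    # Build the chain in machine context with online revocation checking.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    $chainOk = $chain.Build($cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEku = $hasServerAuth
        Csp           = $csp
        CspExpected   = ($csp -eq $expectedCsp)
        San           = $sanText
        ChainOk       = $chainOk
        ChainStatus   = $status
    }
} | Format-List
```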